Sign-up

ID

VAR-201711-0650


CVE

CVE-2017-5711


TITLE

Intel Manageability Engine Firmware of Active Management Technology Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010467

DESCRIPTION

Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege. Intel Manageability Engine The Intel Management Engine is Intel's thermal management driver for its desktop family of chipsets. Failed exploit attempts will likely result in denial-of-service conditions. Intel Manageability Engine versions 8.x, 9.x, 10.x, 11.0,11.5,11.6,11.7,11.10, and 11.20 are vulnerable. Intel Xeon Processor E3-1200 and others are CPUs (Central Processing Units) of Intel Corporation. Active Management Technology (AMT) is one of the active management components. The following products and versions are affected: Intel Manageability Engine Firmware Versions 8.x, 9.x, 10.x, 11.0, 11.5, 11.6, 11.7, 11.10, 11.20; 6th, 7th, and 8th Generation Intel Core Processor Family; Intel Xeon Processor E3-1200 v5 and v6 Product Family; Intel Xeon Processor Scalable Family; Intel Xeon Processor W Family; Intel Atom C3000 Processor Family; Apollo Lake Intel Atom Processor E3900 series; Apollo Lake Intel Pentium; Celeron N and J series Processors

Trust: 2.7

sources: NVD: CVE-2017-5711 // JVNDB: JVNDB-2017-010467 // CNVD: CNVD-2017-37851 // BID: 101918 // IVD: e2e04451-39ab-11e9-b6f1-000c29342cb1 // VULHUB: VHN-113914

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2e04451-39ab-11e9-b6f1-000c29342cb1 // CNVD: CNVD-2017-37851

AFFECTED PRODUCTS

vendor:intelmodel:manageability enginescope:eqversion:11.7

Trust: 2.5

vendor:intelmodel:manageability enginescope:eqversion:11.6

Trust: 2.5

vendor:intelmodel:manageability enginescope:eqversion:11.5

Trust: 2.5

vendor:intelmodel:manageability enginescope:eqversion:11.20

Trust: 2.5

vendor:intelmodel:manageability enginescope:eqversion:11.10

Trust: 2.5

vendor:intelmodel:manageability enginescope:eqversion:11.0

Trust: 2.5

vendor:intelmodel:active management technologyscope:eqversion: -

Trust: 1.6

vendor:asusmodel:z170 pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b150-v7scope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b150m-v5scope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250m-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-p d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b250m-v5scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus ix heroscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc847cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:asusmodel:prime h110m-pscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simotion p320-4sscope:ltversion:17.02.06.83.1

Trust: 1.0

vendor:asusmodel:rog maximus x heroscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime h270-proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime q270m-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150-proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170-pro\/usb 3.1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-k d3scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic field pg m3scope:ltversion:6.2.61.3535

Trust: 1.0

vendor:asusmodel:h170i-proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z270-pscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b250m-f plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170tscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-cs xscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime h110m2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:b250m-c proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-v plusscope:eqversion: -

Trust: 1.0

vendor:intelmodel:manageability enginescope:gteversion:10.0.0.0

Trust: 1.0

vendor:asusmodel:h110m-tsscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix b250h gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:tuf z370-pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-ks r1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150i pro gaming\/wifi\/aurascope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110tscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus x apexscope:eqversion: -

Trust: 1.0

vendor:asusmodel:trooper h110 d3scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc547escope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:rog maximus viii rangerscope:eqversion: -

Trust: 1.0

vendor:intelmodel:manageability enginescope:gteversion:9.0.0.0

Trust: 1.0

vendor:asusmodel:b150m-f plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250m-kscope:eqversion: -

Trust: 1.0

vendor:asusmodel:sabertooth z170 sscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-c\/brscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc547dscope:ltversion:7.1.91.3272

Trust: 1.0

vendor:asusmodel:prime z370-pscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-c d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:q270m-cm-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270g gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-p\/dviscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:sabertooth z170 mark 1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250-proscope:eqversion: -

Trust: 1.0

vendor:intelmodel:manageability enginescope:gteversion:8.0.0.0

Trust: 1.0

vendor:asusmodel:trooper b150 d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-cs\/brscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170m-plus\/brscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:sinumerik pcu50.5-pscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:asusmodel:prime z270-kscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc477escope:ltversion:21.01.07

Trust: 1.0

vendor:asusmodel:h170m-e d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150 pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-c2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus viii extremescope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-plus d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-fscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170-proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-escope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix h270f gamingscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc827cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:asusmodel:h110m-c2\/tfscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150-plusscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc477d proscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc847dscope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:b250 mining expertscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170 pro gaming\/aurascope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix b250i gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170i pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-csscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-dscope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b250-v7scope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b150m-v3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-d\/exper\/siscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z270m-plus\/brscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-c\/hdmiscope:eqversion: -

Trust: 1.0

vendor:asusmodel:tuf z370-plus gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:pio-b250iscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-a\/m.2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-e\/m.2scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc677dscope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:ex-h110m-v3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150 pro gaming\/aurascope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus ix codescope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170t v2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-pscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime h270m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270h gaming\/k1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z370-i gamingscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc627dscope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:b150m pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-premiumscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250m-dscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-a\/m.2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z270m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-a d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170m-plus\/brscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-kscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z370-e gamingscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc647dscope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:b150m-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:b250-mrscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic field pg m4scope:ltversion:18.01.06

Trust: 1.0

vendor:asusmodel:q270-sscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime h110m2\/fptscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250m-plus\/brscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150 pro gaming d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus ix formulascope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc427dscope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b250m-vscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc827dscope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:prime h270-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus ix extremescope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b250m-v3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix h270i gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z270-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-c\/psscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-a d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z270-arscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110i-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z370-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:b250-sscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z370-h gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-ksscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic itp1000scope:ltversion:23.01.03

Trust: 1.0

vendor:asusmodel:q170m-cm-bscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-dscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus viii impactscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270h gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z370-g gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270i gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170m-e d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix b250g gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-ascope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc677cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:siemensmodel:simatic ipc477dscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z370-f gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-a\/dpscope:eqversion: -

Trust: 1.0

vendor:asusmodel:tuf z270 mark 1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus viii heroscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus x formulascope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170m2\/cdm\/siscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-kscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170 pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b150m-vscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110s2scope:eqversion: -

Trust: 1.0

vendor:intelmodel:manageability enginescope:lteversion:8.1.71.3608

Trust: 1.0

vendor:asusmodel:rog maximus viii hero alphascope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-k d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150i pro gaming\/aurascope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170m-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170-plus d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:pio-b150mscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus x codescope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-deluxescope:eqversion: -

Trust: 1.0

vendor:intelmodel:manageability enginescope:lteversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:prime b250m-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150-pro d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime j3355i-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus viii formulascope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus viii genescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc647cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:siemensmodel:simatic ipc427escope:ltversion:21.01.07

Trust: 1.0

vendor:asusmodel:prime b250m-jscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270e gamingscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:sinumerik pcu50.5-cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:asusmodel:h110m-rscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic field pg m5scope:ltversion:22.01.04

Trust: 1.0

vendor:intelmodel:manageability enginescope:lteversion:10.0.55.3000

Trust: 1.0

vendor:asusmodel:h110s1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270f gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-h110m-vscope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170s1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170m2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-kscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-arscope:eqversion: -

Trust: 1.0

vendor:asusmodel:tuf z270 mark 2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-c\/brscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-k xscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus ix apexscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix b250f gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110t-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-escope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc627cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:intelmodel:manageability enginescope:eqversion:9.0

Trust: 0.9

vendor:intelmodel:manageability enginescope:eqversion:8.0

Trust: 0.9

vendor:intelmodel:manageability enginescope:eqversion:10.0

Trust: 0.9

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:manageability enginescope: - version: -

Trust: 0.8

vendor:manageability enginemodel: - scope:eqversion:*

Trust: 0.6

vendor:manageability enginemodel: - scope:eqversion:11.0

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.5

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.6

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.7

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.10

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.20

Trust: 0.2

vendor:active managementmodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: e2e04451-39ab-11e9-b6f1-000c29342cb1 // CNVD: CNVD-2017-37851 // BID: 101918 // JVNDB: JVNDB-2017-010467 // CNNVD: CNNVD-201711-881 // NVD: CVE-2017-5711

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5711
value: HIGH

Trust: 1.0

NVD: CVE-2017-5711
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37851
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-881
value: HIGH

Trust: 0.6

IVD: e2e04451-39ab-11e9-b6f1-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-113914
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5711
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37851
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e04451-39ab-11e9-b6f1-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113914
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5711
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-5711
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e2e04451-39ab-11e9-b6f1-000c29342cb1 // CNVD: CNVD-2017-37851 // VULHUB: VHN-113914 // JVNDB: JVNDB-2017-010467 // CNNVD: CNNVD-201711-881 // NVD: CVE-2017-5711

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-113914 // JVNDB: JVNDB-2017-010467 // NVD: CVE-2017-5711

THREAT TYPE

local

Trust: 0.9

sources: BID: 101918 // CNNVD: CNNVD-201711-881

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201711-881

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010467

PATCH
title:INTEL-SA-00086url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Trust: 0.8
title:NTAP-20171120-0001url:https://security.netapp.com/advisory/ntap-20171120-0001/
Trust: 0.8
title:Intel Manageability Engine has multiple patches for local buffer overflow vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/111455
Trust: 0.6
title:Multiple Intel product Manageability Engine Firmware Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=76613
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37851 // 
            
            
            
            JVNDB: JVNDB-2017-010467 // 
            
            
            
            CNNVD: CNNVD-201711-881

EXTERNAL IDS
db:NVDid:CVE-2017-5711
Trust: 3.6
db:BIDid:101918
Trust: 2.6
db:SECTRACKid:1039852
Trust: 1.7
db:SIEMENSid:SSA-892715
Trust: 1.7
db:CNNVDid:CNNVD-201711-881
Trust: 0.9
db:CNVDid:CNVD-2017-37851
Trust: 0.8
db:JVNDBid:JVNDB-2017-010467
Trust: 0.8
db:IVDid:E2E04451-39AB-11E9-B6F1-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-113914
Trust: 0.1
sources:
            
            
            IVD: e2e04451-39ab-11e9-b6f1-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2017-37851 // 
            
            
            
            VULHUB: VHN-113914 // 
            
            
            
            BID: 101918 // 
            
            
            
            JVNDB: JVNDB-2017-010467 // 
            
            
            
            CNNVD: CNNVD-201711-881 // 
            
            
            
            NVD: CVE-2017-5711

REFERENCES
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr
Trust: 2.5
url:http://www.securityfocus.com/bid/101918
Trust: 1.7
url:https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Trust: 1.7
url:https://security.netapp.com/advisory/ntap-20171120-0001/
Trust: 1.7
url:https://www.asus.com/news/wzeltg5cjyaiwgj0
Trust: 1.7
url:http://www.securitytracker.com/id/1039852
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5711
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5711
Trust: 0.8
url:http://www.intel.com/content/www/us/en/homepage.html
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37851 // 
            
            
            
            VULHUB: VHN-113914 // 
            
            
            
            BID: 101918 // 
            
            
            
            JVNDB: JVNDB-2017-010467 // 
            
            
            
            CNNVD: CNNVD-201711-881 // 
            
            
            
            NVD: CVE-2017-5711

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 101918

SOURCES
db:IVDid:e2e04451-39ab-11e9-b6f1-000c29342cb1
db:CNVDid:CNVD-2017-37851
db:VULHUBid:VHN-113914
db:BIDid:101918
db:JVNDBid:JVNDB-2017-010467
db:CNNVDid:CNNVD-201711-881
db:NVDid:CVE-2017-5711

LAST UPDATE DATE
2024-08-14T13:29:32.680000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37851date:2017-12-22T00:00:00
db:VULHUBid:VHN-113914date:2018-05-11T00:00:00
db:BIDid:101918date:2017-12-19T22:00:00
db:JVNDBid:JVNDB-2017-010467date:2017-12-14T00:00:00
db:CNNVDid:CNNVD-201711-881date:2023-05-23T00:00:00
db:NVDid:CVE-2017-5711date:2023-05-22T16:18:57.140

SOURCES RELEASE DATE
db:IVDid:e2e04451-39ab-11e9-b6f1-000c29342cb1date:2017-12-22T00:00:00
db:CNVDid:CNVD-2017-37851date:2017-12-22T00:00:00
db:VULHUBid:VHN-113914date:2017-11-21T00:00:00
db:BIDid:101918date:2017-11-20T00:00:00
db:JVNDBid:JVNDB-2017-010467date:2017-12-14T00:00:00
db:CNNVDid:CNNVD-201711-881date:2017-11-22T00:00:00
db:NVDid:CVE-2017-5711date:2017-11-21T14:29:00.510